In recent years, Google has expanded the scope of Safe Browsing to Gmail on the web and third-party Android apps, while protecting against more kinds of threats. The latest update adds additional protections in the forms of user warnings against Android apps that collect user and device data without permission.
This also extends to device data associated with analytics, crash reports, and other functions of the app:
For example, during analytics and crash reportings, the list of installed packages unrelated to the app may not be transmitted from the device without prominent disclosure and affirmative consent.
Developers in both Google Play and non-Play app markets have to abide by these new guidelines on handling user data and disclosure. Those that don’t will be penalized with users seeing a warning on Google Play Protect or websites leading to the app.
Enforcement of this Unwanted Software Policy will begin in 60 days. Google is providing a number of guides for resources developers and site owners to gain compliance:
Webmasters whose sites show warnings due to distribution of these apps should refer to the Search Console for guidance on remediation and resolution of the warnings. Developers whose apps show warnings should refer to guidance in the Unwanted Software Help Center. Developers can also request an app review using this article on App verification and appeals, which contains guidance applicable to apps in both Google Play and non-Play app stores.